Creating Inbound Filters
By default, Windows Firewall (as well as most other firewalls) blocks any inbound traffic that hasn’t been specifically allowed. By default, the Public profile allows absolutely no incoming connections—this provides excellent security when connecting to public hotspots or other non trusted networks. The Domain and Private profiles allow some incoming connections, such as connections for file and printer sharing.
Use the buttons below to navigate through the lesson
If you install or enable a Windows feature that requires incoming connections, Windows will automatically enable the required firewall rules. Therefore, you do not need to manually adjust the firewall rules.
| Profile | Public | Private | Domain |
| Inbound Traffic | Blocked | Allowed | Allowed |
| File and Print sharing | Blocked | Allowed | Allowed |
| Windows component | Blocked | Automatically added | Automatically added |
Creating an Inbound Filter
If you install an application that does not automatically enable the required firewall rules, you will need to create the rules manually. You can create firewall rules using the standalone Windows Firewall With Advanced Security console.
To create an inbound filter, expand Configuration>Windows Firewall with Advanced Security and right click Inbound Rules. Select New Rule.
Program: A rule that allows or blocks connections for a specific executable file, regardless of the port numbers it might use. You should use the Program rule type whenever possible. The only time it’s not possible to use the Program rule type is when a service does not have its own executable.
Port: A rule that allows or blocks communications for a specific TCP or UDP port number, regardless of the program generating the traffic.
Predefined: A rule that controls connections for a Windows component, such as
Active Directory Domain Services, File And Printer Sharing, or Remote Desktop.
Typically, Windows enables these rules automatically.
Custom: A rule that can combine program and port information.
Select Predefined. From the drop down list select the required service, Click Next. From the list select the required service and click Next.
Allow The Connection Allows any connection that matches the criteria you specified on the previous pages.
Allow The Connection If It Is Secure Allows connections that match the criteria
you specified on the previous pages, only if they are protected with IPsec.
Optionally, you can select the Require The Connections To Be Encrypted check box,which requires encryption in addition to authentication. Selecting the Override Block Rules check box configures the rule to take precedence over other rules that might prevent a client from connecting. If you select this rule type, the wizard will also prompt you to select users and computers that are authorized to establish this type of connection.
Block The Connection Drops any connection attempt that matches the criteria you specified on the previous pages. Because inbound connections are blocked by default, you rarely need to create this rule type. However, you might use this action for an outbound rule if you specifically want to prevent an application from initiating outgoing connections.
Select the appropriate action and click Finish.
Creating an Inbound Filter – Program Rule
To create an inbound filter, expand Configuration>Windows Firewall with Advanced Security and right click Inbound Rules. Select New Rule. Select Program, and click Next.
Select This program path and click Browse. Select the required Program and click Open. Click Next. Select Allow the Connection and click Next. Select all Profiles and click Next. Type in a name. The new rule has now been added to the firewall.
